fix(auth): Cleanup getRefreshTokenCookiePath implementation

2026-05-11 00:11:54 -05:00 · 2026-03-31 10:39:36 +08:00
parent e8615efe8e
commit fb0d0cb32c
1 changed files with 5 additions and 3 deletions
--- a/pkg/modules/auth/auth.go
+++ b/pkg/modules/auth/auth.go
@@ -53,15 +53,17 @@ const RefreshTokenCookieName = "vikunja_refresh_token" //nolint:gosec // not a c
 // getRefreshTokenCookiePath returns the cookie path for the refresh token,
 // derived from service.publicurl.
 func getRefreshTokenCookiePath() string {
+	refreshURL := "/api/v1/user/token/refresh"
+
 	publicURL := config.ServicePublicURL.GetString()
 	u, err := url.Parse(publicURL)
-	if err != nil || publicURL == "" || publicURL == "/" {
-		return "/api/v1/user/token/refresh"
+	if err != nil {
+		return refreshURL
 	}

 	// Extract the path component and append the refresh endpoint
 	basePath := strings.TrimRight(u.Path, "/")
-	return basePath + "/api/v1/user/token/refresh"
+	return basePath + refreshURL
 }

 // SetRefreshTokenCookie sets an HttpOnly cookie containing the refresh token.